Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

The DSA service provided by the Debian Security Team has offered
information on security vulnerabilities that were fixed in Debian
GNU/Linux releases since 1997. In an effort to cooperate with the
Common Vulnerabilities and Exposures (CVE) project[2] to standardise
the names for all publicly known vulnerabilities and security
exposures, new security advisories[3] have carried CVE names since June
2002. Debian formally applied for CVE compatibility in May 2003.

The Debian project believes that it is extremely important to provide
users with additional information related to security issues that
affect the Debian distribution. The inclusion of CVE names in
advisories helps users associate generic vulnerabilities with specific
Debian advisories and updates, which reduces the time spent handling
vulnerabilities that affect our users.

The availability of common security references also eases the
management of security in an environment where CVE-enabled security
tools such as network or host intrusion detection systems, or
vulnerability assessment tools are already deployed regardless of
whether or not they are based on the Debian distribution.

The Debian project has added CVE names to all advisories released
since September 1998 through a review process started on August 2002.
All advisories can be retrieved from the Debian web site, and
announcements related to new vulnerabilities include CVE names if
available at the time of their release. Advisories associated with a
given CVE name can be searched directly through the search engine[4].

Moreover, Debian provides a complete cross-reference table[5],
including all references available for advisories published since
1997. This table is provided to complement the reference map[6]
available at CVE.

Debian developers understand the need to provide accurate and up to
date information of the security status of the Debian distribution,
allowing users to manage the risk associated with new security
vulnerabilities. CVE names enable the project to provide standardised
references to all publicly known vulnerabilities and security
exposures which allow users to develop a CVE-enabled security
management process.